Posted on 02/15/2005 5:29:45 AM PST by palmer
TSA's Secure Flight
As I wrote last month, I am participating in a working group to study the security and privacy of Secure Flight, the U.S. government's program to match airline passengers with a terrorist watch list. In the end, I signed the NDA allowing me access to SSI (Sensitive Security Information) documents, but managed to avoid filling out the paperwork for a SECRET security clearance.
Last month the group had its second meeting.
At this point, I have four general conclusions. One, assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement -- in almost every way -- over what is currently in place. (And by this I mean the matching program, not any potential uses of commercial or other third-party data.)
Two, the security system surrounding Secure Flight is riddled with security holes. There are security problems with false IDs, ID verification, the ability to fly on someone else's ticket, airline procedures, etc. There are so many ways for a terrorist to get around the system that it doesn't provide much security.
Three, the urge to use this system for other things will be irresistible. It's just too easy to say: "As long as you've got this system that watches out for terrorists, how about also looking for this list of drug dealers...and by the way, we've got the Super Bowl to worry about too." Once Secure Flight gets built, all it'll take is a new law and we'll have a nationwide security checkpoint system.
And four, a program of matching airline passengers with names on terrorism watch lists is not making us appreciably safer, and is a lousy way to spend our security dollars.
Unfortunately, Congress has mandated that Secure Flight be implemented, so it is unlikely that the program will be killed. And analyzing the effectiveness of the program in general, potential mission creep, and whether the general idea is a worthwhile one, is beyond the scope of the working group. In other words, my first conclusion is basically all that they're interested in hearing.
But that means I can write about everything else.
To speak to my fourth conclusion: Imagine for a minute that Secure Flight is perfect. That is, we can ensure that no one can fly under a false identity, that the watch lists have perfect identity information, and that Secure Flight can perfectly determine if a passenger is on the watch list: no false positives and no false negatives. Even if we could do all that, Secure Flight wouldn't be worth it.
Secure Flight is a passive system. It waits for the bad guys to buy an airplane ticket and try to board. If the bad guys don't fly, it's a waste of money. If the bad guys try to blow up shopping malls instead of airplanes, it's a waste of money.
If I had some millions of dollars to spend on terrorism security, and I had a watch list of potential terrorists, I would spend that money investigating those people. I would try to determine whether or not they were a terrorism threat before they got to the airport, or even if they had no intention of visiting an airport. I would try to prevent their plot regardless of whether it involved airplanes. I would clear the innocent people, and I would go after the guilty. I wouldn't build a complex computerized infrastructure and wait until one of them happened to wander into an airport. It just doesn't make security sense.
That's my usual metric when I think about a terrorism security measure: Would it be more effective than taking that money and funding intelligence, investigation, or emergency response -- things that protect us regardless of what the terrorists are planning next. Money spent on security measures that only work against a particular terrorist tactic, forgetting that terrorists are adaptable, is largely wasted.
He's argued for years and in several contexts that passive security is delusional and dangerous.
Whatever he is or isn't, he is right.
Right now there is a massive assault on this freedom. Between National ID Cards (the so-called drivers license standards) and Secure Flight (which will be expanded), Americans will lose another distinguishing freedom. Law-abiding U.S. citizens will be subject to endless ID checks for any and no reason.
That is a police state.
I agree with the author. Institute active measures. Hunt down and kill these threats to our society. And I'll go one step further. It is past time for U.S. citizens to reclaim their Second Ammendment right, arm themselves, and openly carry.
The government should be endorsing this. Imagine a terrorist's thought of encountering a plane-load of armed passengers. And armed society is not only a polite society, it is a safe society.
Time to exercise our rights & freedom, and destroy our enemies!
Perhaps one can explain how you get SSI but not have at least a Secret clearance. . .?
I hope to learn a lot of things about Secure Flight and airline passenger profiling in general, but I probably won't be able to write about it. In order to be a member of this working group, I was required to apply for a U.S. government SECRET security clearance and sign an NDA, promising that I would not disclose something called "Sensitive Security Information."
SSI is one of three new categories of secret information, all of I think have no reason to exist. There is already a classification scheme -- CONFIDENTIAL, SECRET, TOP SECRET, etc. -- and information should either fit into that scheme or be public. A new scheme is just confusing. The NDA we were supposed to sign was very general, and included such provisions as allowing the government to conduct warrantless searches of our residences. (Two federal unions have threatened to sue the government over several provisions in that NDA, which applies to many DHS employees. And just recently, the DHS backed down.)
After push-back by myself and several others, we were given a much less onerous NDA to sign.
From http://www.schneier.com/blog/archives/2005/01/secure_flight_p.html
He may not need as much of a background investigation since he is somewhat of a public figure. The NDA that he signed probably has some teeth in it (e.g. criminal prosecution) if it's found that he discloses anything.
Yes, NDA's have some sort of teeth, but this guy was wrong to say he got access to SCI without proper clearances. Doesn't happen. Illegal to do so.
I hadn't heard of SSI either, but Schneier thinks it's a new category in parallel with the existing secrecy categories.
Yeah, you are probably right about that. He invents his own and then takes shots at it.
;-)
The one is a great inconvenience to the law-abiding folks. The other is a great inconvenience to the terrorists. If we have a list of names to match, then we also have a list of names to a.) find, b.) investigate and c.) bring to justice, as necessary and appropriate. That is where the money and effort should go.
If the effect of a passive security is simply to re-direct the terrorists to other tactics and targets, little has been accomplished.
Thus, whatever Schneier's bona fides, common sense says he's right on this issue (and that the politicians and regulators are wrong...but we already knew that).
Im sorry, but he is DEAD wrong
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.